The debate over online privacy may be headed for a lull in the coming weeks, but you can expect it to resume in earnest next year, when legislation is likely to appear before a new Congress calling for baseline safeguards for Internet users.

Rep. Ed Markey (D-Mass.), who chairs the Subcommittee on Telecommunications and the Internet, is planning to introduce legislation in the next session to create something like an online bill of rights.

"The general idea here is to strengthen consumer privacy protections [and] ensure that consumers are aware of who is collecting their information and when they are collecting it," Markey's communications director, Jessica Schafer, told InternetNews.com.

Congress, which is in recess now, is not likely to revisit the issue of online privacy in the three remaining weeks it will be in session before adjourning again Sept. 26 for the presidential election.

Nevertheless, this year has seen increasing government scrutiny into the privacy policies of online advertisers. That trend may be likely to carry over into the new Congress and administration, particularly as Internet companies develop increasingly sophisticated techniques for targeting ads.

Informing Markey's bill will be the responses from more than 30 Internet companies -- mostly ISPs -- to a letter Markey and his colleagues sent out asking the companies for details about how they target advertisements online. The letters followed a hearing Markey's committee held looking into an emerging technique that some ISPs have been experimenting with to target ads to their subscribers based their Web activities.

In addition to Markey, the signatories were Reps. John Dingell (D-Mich.), who chairs the House Energy and Commerce Committee; Joe Barton (R-Texas), the ranking GOP member on the committee; and Cliff Stearns of Florida, the ranking Republican on the Subcommittee on Telecommunications and the Internet, which Markey chairs.

Deep-packet inspection under the microscope

While privacy advocates have long warned about companies like Google (NASDAQ: GOOG) and Yahoo (NASDAQ: YHOO) developing detailed profiles about their users' interests and preferences, the most recent dustup centered around a company called NebuAd.

NebuAd, a Redwood City, Calif.-based startup, partners with ISPs to collect the Web activities of their subscribers, and filter that information into different product categories, which then instruct the placement of an ad. The idea is to glean an inference about a person's interests, and show an ad that matches those interests.

In that sense, NebuAd's is allowing ISPs to do the same thing that every online advertiser is trying to do: show ads that the consumer will find more relevant and be more likely to click on.

The problem is the method. NebuAd, which did not respond to requests for comment for this story, has become a lightning rod for privacy concerns ever since it was came to light that it uses a technique called deep-packet inspection (DPI) to discern the content of Internet traffic.

The scandal became national news when Charter Communications, the nation's fourth-largest cable provider, announced that it was abandoning its plans to trial the technology June 25. In the time since, NebuAd CEO Bob Dykes has testified before at least two congressional committees, insisting that the technology does not collect personally identifiable information, and that it ignores information on sensitive topics such as health or finance.

NebuAd's system has an opt-out mechanism. But for Markey, who has likened what NebuAd enables an ISP to do to the U.S. Postal Service opening people's mail instead of simply reading the address label, that's not enough.

"He has a lot of serious concerns about DPI tracking and feels very strongly that consumer should have to opt in to that kind of tracking," Schafer said.